Welcome to SaaS thoughts

Whether you call it Software as a Service (SaaS), Managed Service Provider (MSP) or On-Demand Services, your organization uses the service running “in the cloud”. This blog will discuss these services, their benefits, drawbacks and operations. Are we biased? Yes. We believe that some services make sense for most organizations. Email security is one of those. However as Mark Twain said, “All generalizations are false, even this one.” Each Tuesday we will post information and questions about Software as a Service. Occasionally, we will have a "Guest Post" from either a consultant or vendor posting her/his thoughts on Managed Services generally as well as some degree of specificity based on her/his unique perspective. We encourage your insights, comments and feedback. Welcome.

Email archive is a big topic today and getting bigger. Estimates are that 50% of organizations are now (2009) archiving their email. Predictions are that 2010 will see that grow to 65%.

Why the big growth? Several reasons. It used to be that only heavily regulated businesses were required to archive their email. With the coming of several well publicized legal cases in which email messages played a critical part, legal discovery became a second driver. E-discovery has become such a large part of litigation today that several states are now requiring businesses to archive their email. Today, most organizations are looking to archive their email for some combination of three reasons.

Compliance/record retention

Records retention has been a business requirement for decades. Highly regulated industries have sets of regulations specific to their type of business. Financial broker-dealers must comply with both the SEC‘s Rule 17a and FINRA guidelines. These rules define the kinds of records to be retained and the supervision of communications to ensure that the guidelines are followed. Even governmental agencies and state and local governments must retain and make records (including email communications) available. The SOX Act reinforced the need to include electronic records as part of a business’ records retention plan.

While there have been several attempts to roll back the scope of these regulations, most are and will continue to be a significant driver for email archiving.

Legal discovery

While legal discovery is tied to compliance because it is subject to disclosure, the FRPC revisions of 2006 addressed the requirements of retention and discovery of ESI and its production during discovery. It also laid out that corporate management is responsible for the management and storage of these records. The revision of the FRPC has been a wake-up call to legal teams to bring electronic records management under control. The IT department now has to document and comply with records-retention policies while having to deal with the ever growing data storage issue exacerbated by these policies.

The optimal system allows for the retention of only those records required for just the length of time required and no longer. Unfortunately, neither of these is easily defined for most businesses. In an effort to deal with this problem, some organizations set a policy to retain email either for a short period of time or to retain all email forever. Both extremes have obvious problems.

When a legal situation comes up, the organization may need to apply a “legal hold” on specific data suspending the deletion of data according to a court order. This legal hold means that the specified data must be kept beyond the normal end of life specified in the records retention policy. Identifying the specific data and complying with such an order is difficult and therefore expensive without adequate email archiving. In Petcou v. C.H. Robinson Worldwide, Inc. the cost of recovering two years of email for a single employees was reported at $79,000.

Mail server storage management

One of the main benefits of email archiving is the potential for removing older messages from the data store freeing up space and improving email server performance. Typically, IT departments try to limit data stores by requiring email to be migrated to personal archives. This plan is hampered by several problems. First, it degrades the email client performance significantly. Second, personal archives often do not get backed up or become corrupt therefore may be unavailable. Most importantly, when faced with a legal discovery, reassembling the email data to perform queries become more difficult.

To solve this problem some systems began to use message “stubbing”. This process splits the data store and moves the message data (usually the attachments) off to some other storage device leaving just a pointer in the original data store indicating the location of the data. This seems like a good idea however, it just moves the problem from one data store to another. Now there are two local data stores to capitalize, administer, maintain, synchronize and backup.

All these steps have led to the rise of third-party email archiving. A “message gathering” rule or journaling entry is made in the email system copying all or specific messages to a data center which stores and full-text indexes them and data about the messages. This data store can be accessed either by the end user in the case of personal archives or by a legal team in the case of legal or compliance archives. The data center is responsible for administration, backups, media updates and accessibility. Usually all an organization pays for is a small flat monthly fee per user often for unlimited storage with unlimited retention.

To get a free evaluation of email archiving contact us via email or phone: 770-603-0300.